5.8 Given a scenario, carry out data security and privacy practices Flashcards

1
Q

Data Destruction and Media Sanitization

A

There are many different ways to dispose of and destroy data. All organizations should implement a data destruction and media sanitization policy to help IT professionals understand how they are to remove data from devices such as old hard drives and mobile devices.

2
Q

Data Destruction and Media Sanitization - Burning

A

One simple way of destroying sensitive documents is by burning the documents.

3
Q

Data Destruction and Media Sanitization - Shredding

A

You can shred documents to destroy sensitive information. Be sure to obtain a cross-cut shredder; a document cut into strips by a regular shredder can easily be put back together. You can purchase a special type of shredder to destroy old hard drives.

4
Q

Data Destruction and Media Sanitization - Pulping

A

You can pulp sensitive documents by using chemicals to break down the paper into a liquid/paste-like form.

5
Q

Data Destruction and Media Sanitization - Pulverizing

A

Pulverizing destroys the old hard drive and reduces it to small particles.

6
Q

Data Destruction and Media Sanitization - Degaussing

A

Degaussing is the process of removing the magnetic field from hard drives so that the data is lost.

7
Q

Data Destruction and Media Sanitization - Purging

A

Purging data means permanently erasing data from the storage media, such as a hard drive.

8
Q

Data Destruction and Media Sanitization - Wiping

A

You can use programs to securely wipe a drive, which means overwriting the drive many times to ensure that the data cannot be retrieved.

9
Q

Data Sensitivity Labeling and Handling

A

.

10
Q

Data Sensitivity Labeling and Handling - Confidential

A

Government
The third-highest sensitivity label. Information classified as confidential could cause damage to national security if leaked to the public.
(1. Top Secret | 2. Secret | 3. Confidential | 4. Restricted | 5. Unclassified)

Business
The highest sensitivity label. Information classified as confidential could cause grave damage to the organization if leaked to the public.
(1. Confidential | 2. Private | 3. Sensitive | 4. Public)

11
Q

Data Sensitivity Labeling and Handling - Private

A

The second-highest sensitivity label. Information classified as private could cause serious damage to the organization if leaked to the public.
(1. Confidential | 2. Private | 3. Sensitive | 4. Public)

12
Q

Data Sensitivity Labeling and Handling - Public

A

Information assigned this classification label is suitable for public release.
(1. Confidential | 2. Private | 3. Sensitive | 4. Public)

13
Q

Data Sensitivity Labeling and Handling - Proprietary

A

Another label that could be used to identify information as being private to the company, or internal, is proprietary. Proprietary information is information that is company owned and should not be shared outside the company without authorization.

14
Q

Data Sensitivity Labeling and Handling - PII

A

Personally identifiable information (PII) is information that could identify a person.

15
Q

Data Sensitivity Labeling and Handling - PHI

A

Protected health information (PHI) is health information about a patient, their care, health status, and payment history that is protected by rules in the Health Insurance Portability and Accountability Act (HIPAA). Organizations will typically anonymize this information to maintain the privacy of the patient.

16
Q

Data Roles

A

A number of different roles interact with an organization’s data.

17
Q

Data Roles - Owner

A

The data owner is typically the company owner, executive team, or department head who decides which data is considered an asset and how that data should be protected.

18
Q

Data Roles - Steward/Custodian

A

The custodian (aka steward) is the person who implements the security control based on the value of the asset determined by the owner. The custodian is the IT administrator who performs common tasks such as backups, configuring permissions, configuring firewalls, and hardening systems. Remember that the owner determines the controls needed, while the custodian actually secures the asset by implementing those controls.

19
Q

Data Roles - Privacy Officer

A

The privacy officer, also known as the chief privacy officer (CPO), is responsible for developing policies that address employee personal data and customer personal data. The privacy policy should specify how personal data is to be handled and stored within the organization.

20
Q

Data Retention

A

Another common policy is a data retention policy specifying how long certain information must be retained within the organization. Organizations may have a retention policy that specifies a number of actions to be performed on data:
+ Age of Data
Some companies have policies in place specifying that each piece of information must include metadata identifying the creation date and the expiration date. This helps someone looking at the data know whether it needs to be retained or can be destroyed because it is possible that old data is outdated and inaccurate.

+ Retaining Data
Companies should also have policies in place that specify how long information must be retained before it is allowed to be destroyed.

21
Q

Legal and Compliance

A

A number of legal statutes and/or acts govern various aspects of data security, privacy, retention, and disposal. Earlier, this chapter mentioned the Health Insurance Portability and Accountability Act (HIPAA), which applies to medical records, and FERPA, which applies to educational records. There is also the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act for financial institutions.

There are dozens of others that apply to particular sectors and not others. The most important thing is to uncover which laws and policies govern your organization and then make certain you fully understand and comply with them. Know what controls and safeguards you must have in place and regularly audit them to make sure you are conforming fully.

Remember that ignorance of the law is never a justifiable defense, and the legal obligation is on you to comply.